Electron Security Issues

mumblebaj

@sdetweil Have you seen these errors before? Mirror still starts though. I have just noticed it now as I usually start my mirror from the cron.

[04.01.2022 19:49.27.681] [LOG]   Connecting socket for: MMM-Remote-Control
[04.01.2022 19:49.27.686] [LOG]   Starting node helper for: MMM-Remote-Control
[04.01.2022 19:49.27.724] [LOG]   Connecting socket for: calendar
[04.01.2022 19:49.27.729] [LOG]   Starting node helper for: calendar
[04.01.2022 19:49.27.732] [LOG]   Sockets connected & modules started ...
[04.01.2022 19:49.29.057] [LOG]   Launching application.
[28306:0104/194931.715456:ERROR:viz_main_impl.cc(161)] Exiting GPU process due to errors during initialization
[04.01.2022 19:49.33.896] [ERROR] ERROR! Could not find main module js file for MagicMirror-backup-restore
[28425:0104/194936.968648:ERROR:viz_main_impl.cc(161)] Exiting GPU process due to errors during initialization
[28481:0104/194939.078132:ERROR:viz_main_impl.cc(161)] Exiting GPU process due to errors during initialization
[28499:0104/194939.733204:ERROR:sandbox_linux.cc(376)] InitializeSandbox() called with multiple threads in process gpu-process.

sdetweil

@mumblebaj looks like MagicMirror-backup-restore is in the modules folder… should be in the users root, as it’s not a MagicMirror ‘module’

mv ~/MagicMirror/modules/MagicMirror-backup-restore ~

mumblebaj

@sdetweil Thanks Sam. That sorted it.

bigschucks

Recently I have only started coding and therefore do not pay attention to security bugs at all. I hope that it is not interesting for anyone to hack into our computer.

sdetweil

@karsten13 see
https://therecord.media/chrome-will-limit-access-to-private-networks-citing-security-reasons/amp/

oh joy

mumblebaj

@sdetweil And so it begins. Modules like the MMM-Hue and others that talk to internal devices on the local network is going to become a problem.

karsten13

@sdetweil

didn’t know this but I’m not surprised …

When this limitation is live the modules must send the new header, we will see which of them are still maintained …

fribse

So a LetsEncrypt wildcard certificate could help here (if you have a domain that is). But does MM even support running with a cert out of the box, or do you need to recode stuff?

sdetweil

@fribse there is support for certs. but most people don’t have a registered domain

I use dyndns.org to get a name back to my server on my dynamic address. it has changed a few times over the years, and I switched service providers too

karsten13

@fribse

with own domain I would recommend to run a reverse proxy in front of mm (and any other app) which handles the cert stuff automatically (as e.g. traefik). So you have not to deal with cert stuff in the apps behind the proxy.